30 April 2015


MEMORANDUM FOR DIRECTOR, NATIONAL RECONNAISSANCE OFFICE 

PRINCIPAL DEPUTY DIRECTOR, NATIONAL RECONNAISSANCE 
OFFICE 
DEPUTY DIRECTOR, NATIONAL RECONNAISSANCE OFFICE 
DIRECTOR, OFFICE OF SECURITY AND COUNTERINTELLIGENCE

SUBJECT: (U) Memorandum Report: Audit of the National Reconnaissance
Office Insider Threat Program (Project Number 2015-002 A) 





(U) The National Reconnaissance Office (NRO) Office of Inspector 
General (OIG) Memorandum Report on the Audit of the NRO Insider Threat 
Program is attached. The OIG conducted the survey phase of this audit 
from December 2014 to April 2015 in accordance with government 
auditing standards. 


(U//FOUO) The objective of this audit was to determine whether
the NRO has adequate controls in place to prevent and detect insider
threats against NRO networks, systems, and data. After the OIG
announced this audit, Office of Security and Counterintelligence
(OS&CI) leadership (b)(1)

the OIG performed the survey phase of this audit, (b)(3)




















Overall, the OS&CI agreed with the OIG’s findings.





(U//FOUO) Because the OIG and NRO leadership consider insider
threat to be a high risk area, the OIG will include an audit of the
NRO Insider Threat Program as part of the OIG Fiscal Year 2016 annual
work plan. The audit will include (b)(3)
the attached report.

external assessments of
the program.





UNCLASSIFIED//FOR OFFICIAL USE ONLY

Approved for Release: 2017/05/25 C05099124

(U) I appreciate the courtesies
audit. Please direct any questions you may have regarding this
memorandum to
Auditor-In-Charge,
(secure), or
at
Deputy Assistant Inspector General,

Adam G. Harris
Inspector General

(U) Memorandum Report (U//FOUO)

DISTRIBUTION:

Hard copy

Director, National Reconnaissance Office 

Principal Deputy Director, National Reconnaissance Office 
Deputy Director, National Reconnaissance Office 

Director, Communications Systems Directorate and Chief Information 
Officer 

Director, Management Services and Operations Directorate 
Director, Mission Operations Directorate 

Director, Office of Contracts 

General Counsel 

Director, Office of Security and Counterintelligence 
Director, Office of Strategic Human Capital
Auditor-In-Charge (b)(3)
Follow-up Administrator (b)(3)
OIG Chron

Soft copy

IG-Followup-Tracker (TIER)

(U) Audit of the National Reconnaissance Office
Insider Threat Program 
(Project Number 2015-002 A) 


(U) Introduction 


(U) The Intelligence Community (IC) defines the term insider threat as an insider using
her/his authorized access, wittingly or unwittingly, to do harm to the security of the United
States. As recently experienced by the IC and the Department of Defense, this harm can take
many forms, including industrial espionage, unauthorized disclosure of classified information, or
even violent acts. This is an organization-wide risk that is not limited to information technology
or counterintelligence (CI).

[Figure: The Washington Post, "Man who leaked NSA secrets steps forward"]

(U) To address the magnitude of this risk, in October 2011, the President released an
Executive Order (E.O.)¹ requiring departments and agencies to establish an insider threat
program. The President subsequently issued several additional memoranda² that established
the National Insider Threat Policy clarifying his expectations for protecting federal entities.
Under Presidential direction, the National Insider Threat Task Force (NITTF) issued
guidance on how to comply with the National Insider Threat Policy and specified what must be
included in an insider threat program. It prescribed a coordinated effort across multiple
disciplines. Examples of these disciplines include Personnel Security, Law Enforcement,
Privacy and Civil Liberties, Human Resources, Information Assurance, CI, and Office of
Inspector General (OIG). These interrelated disciplines are supposed to form an agency-wide
safety net, including government and contractors, to deter, detect, and mitigate actions by
employees who may represent a threat to national security.

¹ (U) E.O. 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and
Safeguarding of Classified Information

² (U) White House Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat
Programs, and White House Memorandum, Compliance with the President's National Insider Threat Policy

(U) Accepting that an insider threat program takes time to mature, the President provided
a timeline for agencies to reach initial operating capability with their respective Insider Threat
Programs. The NITTF, with White House concurrence, clarified that by 20 May 2013, all
agencies must


1. (U) designate an insider threat senior official(s), 

2. (U) issue an insider threat policy signed by the department or agency head, and 

3. (U) submit to department or agency leadership an insider threat program 
implementation plan that addresses how the organization intends to meet the 
requirements set forth in the minimum standards. 


(U) Scope and Methodology 


(U//FOUO) The OIG conducted the survey phase of this audit from December 2014 to
April 2015 in accordance with generally accepted government auditing standards. Those 
standards require that the OIG plan and perform the audit to obtain sufficient, appropriate 
evidence to provide a reasonable basis for the findings and conclusions. During this phase of the 
audit, the OIG met with personnel from the Office of Security and Counterintelligence (OS&CI) 
and other Insider Threat Program stakeholders including the Communications Systems 
Directorate, Mission Support and Operations Directorate, Office of General Counsel, and Office 
of Strategic Human Capital, and reviewed documentation. The OIG believes that the evidence 
obtained provides a reasonable basis for the findings and conclusions based on the audit 
objective. 


(U) Results 

After the OIG announced this audit, OS&CI leadership (b)(1)

(U//FOUO) in the NRO Insider Threat Program (b)(1) (b)(3)

(b)(1) (b)(3)

(U) Recommendation #1 for the Director, OS&CI:

(U) (b)(3)

the OIG obtained and reviewed the existing NRO Insider Threat Program (b)(1) (b)(3)
element of an insider threat program, the (b)(3)
OIG is (b)(1) (b)(3)
efforts across many disciplines to fulfill this mission.

(b)(1) (b)(3)

criteria not only requires a plan to be built reflecting a multidisciplinary approach, but it also
requires that the plan provide the organization with a detailed way forward and include the 
following program management elements: 


• (U) Tasks required to accomplish program goals, and assignment of responsibility for
those tasks;

• (U) Task schedules and milestones;

• (U) Funding and resource allocation; and

• (U) Schedule for reporting progress, dependencies, and issues.

(b)(1) (b)(3)

(U) Recommendation #2 for the Director, OS&CI:

(U//FOUO) In coordination with NRO stakeholders, (b)(1) (b)(3)
maintaining the NRO Insider Threat Program, in accordance with
NITTF and IC requirements.

(U//FOUO) memorandum report and the (b)(3)
inherent risk that insiders pose, the OIG will include an audit of the NRO Insider Threat Program
as part of the OIG Fiscal Year 2016 Annual Work Plan. The audit will include (b)(3)